BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Cisco Global Site Selector Cross-Site Request Forgery

Disclosed: September 4, 2013
Zeroday: 382 days

Vulnerability Description:

Cisco Global Site Selector (GSS) contains a cross-site request forgery vulnerability: an attacker can specially craft HTTP requests that are submitted to Cisco GSS as an authenticated user. Remote attackers can use this to send arbitrary requests to Cisco GSS as that user.

Vendors:

Cisco

Vulnerable Software/Devices:

Cisco Global Site Selector 3.2 and possibly earlier versions

Vulnerability Severity:

Medium

Exploit Availability:

No Exploit Available

Exploit Impact:

Cross-Site Request Forgery

Cisco GSS allows users to trigger actions via HTTP requests, while failing to validate that the user is logged in. This allows attackers to submit arbitrary requests and have them executed.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
  • 30394 - Cisco Global Site Selector Cross-Site Request Forgery (20130905) (Zero-Day)

Mitigation:

No mitigations currently available.

Links:

CVE(s):